| | 243 | |
|---|
| | 244 | # Special thanks to Gavin Baker: http://antonym.org/node/100. |
|---|
| | 245 | try: |
|---|
| | 246 | import pwd, grp |
|---|
| | 247 | except ImportError: |
|---|
| | 248 | try: |
|---|
| | 249 | os.umask |
|---|
| | 250 | except AttributeError: |
|---|
| | 251 | def drop_privileges(self): |
|---|
| | 252 | """Drop privileges. Not available.""" |
|---|
| | 253 | raise NotImplementedError |
|---|
| | 254 | else: |
|---|
| | 255 | # A very conservative umask |
|---|
| | 256 | umask = 077 |
|---|
| | 257 | |
|---|
| | 258 | def drop_privileges(self): |
|---|
| | 259 | """Drop privileges. Windows version (umask only).""" |
|---|
| | 260 | if self.umask is not None: |
|---|
| | 261 | old_umask = os.umask(self.umask) |
|---|
| | 262 | cherrypy.log('umask old: %03o, new: %03o' % |
|---|
| | 263 | (old_umask, self.umask), "PRIV") |
|---|
| | 264 | else: |
|---|
| | 265 | uid = None |
|---|
| | 266 | gid = None |
|---|
| | 267 | # A very conservative umask |
|---|
| | 268 | umask = 077 |
|---|
| | 269 | |
|---|
| | 270 | def drop_privileges(self): |
|---|
| | 271 | """Drop privileges. UNIX version (uid, gid, and umask).""" |
|---|
| | 272 | if not (self.uid is None and self.gid is None): |
|---|
| | 273 | def names(): |
|---|
| | 274 | name = pwd.getpwuid(os.getuid())[0] |
|---|
| | 275 | group = grp.getgrgid(os.getgid())[0] |
|---|
| | 276 | return name, group |
|---|
| | 277 | |
|---|
| | 278 | cherrypy.log('Started as %r/%r' % names(), "PRIV") |
|---|
| | 279 | if self.gid is not None: |
|---|
| | 280 | os.setgid(grp.getgrnam(self.gid)[2]) |
|---|
| | 281 | if self.uid is not None: |
|---|
| | 282 | os.setuid(pwd.getpwnam(self.uid)[2]) |
|---|
| | 283 | cherrypy.log('Running as %r/%r' % names(), "PRIV") |
|---|
| | 284 | |
|---|
| | 285 | if self.umask is not None: |
|---|
| | 286 | old_umask = os.umask(self.umask) |
|---|
| | 287 | cherrypy.log('umask old: %03o, new: %03o' % |
|---|
| | 288 | (old_umask, self.umask), "PRIV") |
|---|
